Your Device Might be Infected With This Sneaky Spigot Malware

What is Spigot malware?  

Spigot malware can be classified as a type of adware that bundles itself with online downloads from legitimate-looking websites. When a legitimate download is opened, multiple Spigot applications install themselves into your web browser as extensions in order to display advertisements.

Spigot applications may be disguised as authentic services, for example Amazon Shopping Assistant, when in reality they are a serious threat to your security. These applications are named after familiar, legitimate businesses so that the user does not notice them when checking the list of browser extensions.

In addition to continuously displaying a barrage of unwanted ads to its targets, Spigot can record all inputs, including the device user’s sensitive information, similar to the function of spyware.

Spigot applications can affect devices running both Windows and macOS. Once an anti-virus scan is conducted, the malware will be clearly identified as ‘macos:spigot-ay[pup]’ or ‘macros:spigot-ay’. In the first identification, ‘pup’ categorises Spigot as a ‘Potentially Unwanted Program’. The overall term for the Spigot malware family is ‘pup.optional.spigot.generic’.

What does the malware do? 

Once Spigot has been installed onto your device, its two main functions are to deliver unwanted advertisements and collect your sensitive data.

To do this, Spigot hijacks your web browser. This can be Google Chrome, Safari, Firefox, Microsoft Edge and more. The malware gains access to your browser by disguising itself as an extension. When successful, your homepage is altered and an excessive number of advertisements are shown to you. Many of these appear as pop-up ads embedded with malicious code designed to redirect you to promotional sites, dating sites or porn sites in an attempt to generate income for Spigot and third-party advertisers.

To prevent unwanted ads and adware from affecting your device security, it is important to install a reputable ad blocker as some ad blockers are not legitimate and will cause further harm. 

As a result of Spigot malware running as a browser extension, your search history, your IP address and your login details will be stored and accessed, heightening the risk of you becoming a victim of identity theft.   
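An added example (not from the original article): because the extension name is chosen by the adware author, this script audits Chrome's on-disk extension folders by update source and granted permissions, and only reports the name. The permission watch list, the sample extension IDs and the `example.invalid` URL are constructed assumptions; point `audit_extensions` at a real profile's `Extensions` directory to use it.

```python
import json
import tempfile
from pathlib import Path

# Update endpoint declared by extensions installed from the Chrome Web Store.
WEB_STORE_UPDATE = "https://clients2.google.com/service/update2/crx"
# Assumed watch list: grants that expose history, page content or sessions.
BROAD = {"<all_urls>", "*://*/*", "history", "tabs", "webRequest", "cookies"}

def audit_extensions(ext_root):
    """Flag extensions by update source and grants; the name is only reported."""
    flagged = []
    for path in sorted(Path(ext_root).glob("*/*/manifest.json")):
        ext_id = path.parent.parent.name  # layout: <id>/<version>/manifest.json
        try:
            m = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            flagged.append({"id": ext_id, "name": None, "reasons": ["unreadable manifest"]})
            continue
        grants = set()
        for key in ("permissions", "optional_permissions", "host_permissions"):
            grants.update(p for p in m.get(key, []) if isinstance(p, str))
        for script in m.get("content_scripts", []):
            grants.update(script.get("matches", []))  # pages the extension injects into
        broad = sorted(grants & BROAD)
        reasons = ["broad access: " + ", ".join(broad)] if broad else []
        if m.get("update_url") != WEB_STORE_UPDATE:
            reasons.append("update_url is not the Chrome Web Store endpoint")
        if reasons:
            flagged.append({"id": ext_id, "name": m.get("name"), "reasons": reasons})
    return flagged

def build_sample(root):
    """Write two constructed extensions: a look-alike and an ordinary one."""
    samples = {
        "a" * 32: {"name": "Amazon Shopping Assistant", "version": "1.0",
                   "permissions": ["tabs", "<all_urls>"],
                   "update_url": "https://updates.example.invalid/crx"},
        "b" * 32: {"name": "Notes", "version": "2.1",
                   "permissions": ["storage"], "update_url": WEB_STORE_UPDATE},
    }
    for ext_id, manifest in samples.items():
        path = Path(root) / ext_id / manifest["version"] / "manifest.json"
        path.parent.mkdir(parents=True)
        path.write_text(json.dumps(manifest), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(json.dumps(audit_extensions(tmp), indent=2))
```

A flagged entry is a prompt to review that extension, not a verdict; many store extensions legitimately request `tabs`.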

On desktops running Windows, Spigot also has the capability to modify and impair the Windows registry, a database that stores information concerning the operating system. Permanent damage can be caused if careless changes are made to the registry.

All of the combined activities of Spigot result in your browser performing at a slower rate and a general lag in your system. In some cases, your browser will directly warn you of a Spigot infection, in which case you will need to use trustworthy anti-virus software. Depending on your browser, you will be given a warning before you decide to proceed with downloading the adware.

How do people end up downloading the malware?  

Spigot does not seem as serious as other malware, which is often less obvious to the user. Nevertheless, users can still be tricked into downloading the adware.

Spigot is commonly delivered through a bundled collection of free software downloads, for example a fake Flash Player update. These downloader sites are often embedded with a feature called ‘custom installer’ or ‘download assistant’ which sneaks in prior to the actual download. These extra features typically offer an additional function such as a weather tool.

These additions are integrated in a sneaky manner, and if you do not pay attention whilst installing new software or an update, you can easily make the mistake of downloading extra, unnecessary things. In some cases, Spigot may be hidden in the ‘advanced settings’ section of a legitimate download, a place that people do not tend to check before downloading something.

In terms of precise categorisation, with all the malicious capabilities attached to Spigot such as browser hijacking, hidden downloads and unwanted files, Spigot can sometimes be mistaken for a virus.

Spigot, however, falls into the adware category of malware and can be easily removed. Adware is not as severe as a virus, because viruses use your computer’s resources to self-replicate and spread.

In order to remove a virus, you would need to use a reputable anti-virus removal tool to rid your device of infections.

Preventing your device from becoming compromised  

To prevent your device from becoming infected, you need to be cautious when downloading software. Do not immediately click the ‘next’ button. Instead, check for any ticked boxes and review the specifics.   

Pre-checked boxes are a common method for the distribution of bloatware and other PUPs (Potentially Unwanted Programs), a method dependent on exploiting the unawareness of the device user. It is also important to check the advanced options of downloads, as this is a place where adware can be hidden.

Only download software directly from the developer’s site to ensure that it is legitimate. Do not install Flash updates from pop-ups, and avoid links from leaked software.

About Securiwiser 

We aim to provide our clients with advice on implementing various specific cyber security methods, some of which will be more suitable than others depending on the business type, to help ensure the cyber health of our clients’ systems.

We advise our clients (whether they are individual users or business owners) regarding various cyber threats that their businesses and operating systems may face. This includes increasing trends of certain threats and prevention methods that are cost effective and time saving.   

Furthermore, business owners, employees and general users may forget to conduct regular scans to monitor the health of their operating system, which criminals can take advantage of to gain unauthorised access by exploiting unrecognised, underlying vulnerabilities.  

Securiwiser can conduct regular scans for your system and provide a detailed cybersecurity risk assessment and a cybersecurity vulnerability assessment. We can further explain detected vulnerabilities and risks in detail to our clients and provide the best course of action that will save your business time and money.
